
CVE-2024-3762 – Emlog Pro Whisper Page twitter.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-3762
14 Apr 2024 — A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. • https://github.com/fubxx/CVE/blob/main/Emlog-XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-31013
https://notcve.org/view.php?id=CVE-2024-31013
03 Apr 2024 — Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3 allows remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in the footer_info parameter. • https://github.com/emlog/emlog/issues/291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-25381
https://notcve.org/view.php?id=CVE-2024-25381
21 Feb 2024 — There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content. • https://github.com/Ox130e07d/CVE-2024-25381 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41619
https://notcve.org/view.php?id=CVE-2023-41619
16 Jan 2024 — Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. • https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41618
https://notcve.org/view.php?id=CVE-2023-41618
13 Dec 2023 — Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. • https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41621
https://notcve.org/view.php?id=CVE-2023-41621
13 Dec 2023 — A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. • https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41623
https://notcve.org/view.php?id=CVE-2023-41623
12 Dec 2023 — Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. • https://github.com/GhostBalladw/wuhaozhe-s-CVE • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-44973
https://notcve.org/view.php?id=CVE-2023-44973
03 Oct 2023 — An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/yangliukk/emlog/blob/main/Template-getshell.md • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-44974
https://notcve.org/view.php?id=CVE-2023-44974
03 Oct 2023 — An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/yangliukk/emlog/blob/main/Plugin-getshell.md • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-43267
https://notcve.org/view.php?id=CVE-2023-43267
02 Oct 2023 — A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. • https://gist.github.com/Fliggyaaa/b61c24e828cbcfac42406be408665280 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')